The decreasing cost of information technologies has rapidly enabled the collection, storage, and application of highly sensitive personal information in healthcare environments, which until recently, were dependent on paper documentation, face-to-face interactions, and physical protections for all matters trust-related. As these environments migrate to the electronic setting, it is imperative, as well as our legal and social obligation, to protect the privacy of patients" electronic health records (EHRs) from threats that are external, as well as internal, to healthcare organizations (HCOs). For the most part, the medical informatics and computer science communities have focused on the external threat, which has led to the development of sophisticated information and computer security mechanisms. However, the internal threat has been neglected, mainly due to the dynamic nature of complex HCOs, such as large distributed medical centers. One of the most significant challenges of data protection in HCOs is that we cannot limit service providers'access to the records in mission critical settings. Consider when a hospital patient requires treatment and a care provider's access to their EHR is delayed or denied, the patient may suffer considerable harm or death. Federal regulations, such as the Security Rule of the Health Insurance Portability and Accountability Act, require HCOs to stockpile access logs, but there are no clear mechanisms for auditing beyond simple manual spot checks, which are limited in scope. Thus, the overarching goal of this project to develop automated methods to data mine EHR access logs to detect when potentially privacy-violating accesses have been committed, so that the appropriate authorities may be alerted to follow-up with an investigation. Our primary goal is to develop informatics tools to monitor how users (e.g., physicians) access the records of subjects (e.g., patients) in the system and flag potentially privacy-compromising actions (e.g., an unauthorized "peek"). The proposed tools will integrate HCO knowledge and access log repositories to represent the system as a dynamic social network of teams and business processes that are applied to score the "safety" of each recorded access. The specific objectives of the proposed project are (1) to develop a scientific foundation for automatically learning and modeling the normal business operations of HCOs from EHR access logs, (2) to automatically detect EHR accesses that are suspicious in the context of learned HCO operations, (3) to evaluate our approach with expert feedback, and (4) to implement our approaches in an extendable software tool that is rapidly reconfigurable to any EHR system. In support of these goals, we will evaluate real world access logs from the EHR system of the Vanderbilt University Medical Center, which is a detailed repository with data covering tens of thousands of users and over a million patients. We believe that auditing tools for EHR systems, such as those developed through this research, are crucial to the continued adoption of health information technologies without sacrificing patients'privacy rights.